==== Postfix ====

=== Completed 2018-06-27 ===

  * Finished mysql configuration of postfix
  * Connected smtp & smtpd to sluug.org wildcard cert
  * Disabled postgrey
  * All other filters already disabled
  * Verify postfixadmin before cutover. See the [[postfix admin|Postfix Admin page]].
  * PLAIN login method changed to TLS
    * (requires TLS connection before sending password)
    
=== Email system testing successful 2018-06-28 ===

=== ToDo ===

  * Configure maildir for new users in postfixadmin
  * Setup and enable SpamAssassin or rspamd
  * Setup and enable clamav
  * Setup and enable Amavisd?
  * Setup and configure Webalizer
===== postgrey =====

==== Configuration ====

Create new "/etc/postgrey/whitelist_recipients.local".
Edit it to add the one added "slack@craigbuchek.com" line from
"/etc/postfix/postgrey_whitelist_recipients" copied from amber.
Delete "/etc/postfix/postgrey_whitelist_recipients" copied from amber.
Use /etc/postgrey/whitelist_recipients installed by default, don't change.

Use "/etc/postgrey/whitelist_clients" installed by default, don't change.
Delete "/etc/postfix/postgrey_whitelist_clients" copied from amber
which was not changed from default on amber.

Rename "/etc/postfix/postgrey_whitelist_clients.local" copied from amber
to "/etc/postgrey/whitelist_clients.local".
Edit this to delete or comment all SLUUG servers no longer operating.

Edit /etc/default/postgrey to add to the POSTGREY_OPTS variable:
<code>
    --inet=127.0.0.1:10023           Replaces --inet=10023
    --delay=240
    --auto-whitelist-clients=4
    --max-age=95
</code>

Restart the postgrey daemon:
<code>
systemctl stop   postgrey
systemctl status postgrey
systemctl start  postgrey
systemctl status postgrey
</code>

Check logs "/var/log/daemon.log" and "/var/log/mail.info".
netstat --all --numeric --numeric-ports | egrep 'Address|10023'
ps -ef | egrep 'PID|postgrey'

Edit "/etc/postfix/main.cf".
Check port in main.cf should now be port 10023 and not 60000.
The test to be added to "smtpd_recipient_restrictions" is
"check_policy_service inet:127.0.0.1:10023,".
An example is:
<code>
    smtpd_recipient_restrictions =
        permit_mynetworks,
        reject_unauth_destination,
        check_policy_service inet:127.0.0.1:10023
</code>

Reload the postfix daemon:
<code>
systemctl reload postgrey
systemctl status postgrey
</code>

Check log "/var/log/mail.info".

Test sending mail from an external system.

Continue to monitor "/var/log/mail.info".

==== Additional information ====

Files and directories of interest:

  */etc/init.d/postgrey   - Startup script
  */etc/default/postgrey  - Startup options
  */etc/postgrey/         - All config files except startup options
  */var/lib/postgrey/     - Database files

Search finds comments that postgrey doesn't support systemd, and systemd
is using "a shim" to just run the init script.

When stopping, expect to see errors logged about
Couldn't unlink "/var/run/postgrey.pid".
However, it is properly created when started and deleted when stopped.